dsccommunity
ADDomainController: Add ability to demote DCs with Ensure = Absent
Details of the scenario you tried and the problem that is occurring
Issue #155 had the Ensure property added to the xADDomainController schema as a Read property, since there was no logic to support removing the DC role by setting Ensure to 'Absent'. This issue is a request to add that logic, and enable users to set the Ensure property by tagging it as a Write property.
Verbose logs showing the problem
n/a
Suggested solution to the issue
Add logic blocks to the Test- and Set-TargetResource functions to support removing the DC role from a target node.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
xADDomainController Foo
{
DomainName = 'contoso.local'
DomainAdministratorCredential = $Password
SafemodeAdministratorPassword = $Password
Ensure = 'Absent'
}
The operating system the target node is running
Supported Windows Server
Version and build of PowerShell the target node is running
5.1+
Version of the DSC module that was used ('dev' if using current dev branch)
2.24
For reference, the cmdlet Uninstall-ADDSDomainController to demote a domain controller. I suggest we do not add parameters that ignores prerequisites or forcibly removes a domain controller, we should demote a domain controller the safest way possible with this cmdlet. 🤔
